​IRCA Business Continuity Management System Auditor Certification Scheme

To be certificated to this scheme, you will need to demonstrate that you have the skills to audit the proper implementation of ISO 22301. For the 2019 version of the scheme you must demonstrate through your CPD evidence that you have fully up to date knowledge of this scheme.

Business continuity management systems (BCMS) and business continuity planning are crucial to small and large organisations in all sectors – now more than ever. Every organisation can be affected by a disruption of business operations, which in the worst case can be fatal for the organisation and lead to bankruptcy. ISO 22301 helps organisations minimise the risk of disruptions to operations because of major or minor incidents.

The purpose of our BCMS Auditor Certification Scheme is to provide confidence that auditors certified to this scheme are competent.

The IRCA BCMS Auditor Certification Scheme has been developed in partnership with the Business Continuity Institute (BCI), in response to the demand for competent auditors of BCMS's.

Eligibility

• BCMS auditors, e.g.  those employed by third-party certification bodies/registrars or by purchasing organisations
• BCMS practitioners, e.g. senior managers, BCMS consultants and other BC personnel • Employees conducting BCMS audits within their own organisation, i.e. internal audits.

Scheme specific (additional) requirements

Auditors are required to demonstrate the following knowledge and competencies:

• Knowledge of business continuity management principles that cover:
  • BCM policy and programme management
  • Understanding the organisation – impact and risk
  • Determining BCM strategies
  • Developing and implementing BCM responses
  • Exercising, maintaining and reviewing BCM arrangements
  • Embedding BCM in organisational culture.

Note: IRCA will accept completion of the BCI Certificate Examination (CBCI) as evidence of the above.

• Understanding the core processes involved in business continuity management and the interrelationships that enable the auditor to examine BCMS, and to generate appropriate audit findings and conclusions
• Understanding the relationship processes based on business continuity management and supplier continuity management
• Understanding resolution processes based on identifying potential threats and impacts, and handling disruptions and business continuity incidents
• Knowledge of processes and products, including services, that enable the auditor to comprehend the business context in which the audit is being conducted
• Knowledge of relevant standards, regulatory or legal requirements pertaining to BCM, within the specific sector and geography being audited
• Understanding the need for BCM to be a top management-led embedded business process, and the experience to evaluate whether this is being maintained effectively.
• Understanding the nature of continual improvement through the use of top management leadership, planning and performance evaluation.

The BCMS Scheme is based on the auditing key standard:

ISO 22301: Societal security – Business continuity management – Requirements.

Acceptable alternative standards

We may accept audits to alternative standards not listed on the IRCA certification scheme. To find out more please visit the Acceptable Alternative Standards page.